What everyone affected by the CrowdStrike Global Outage needs to know to stay vigilant against new malware attacks.
New Malware Alert
In the wake of the recent CrowdStrike Falcon update mishap that led to widespread IT outages, cybercriminals are swiftly capitalizing on the situation by distributing a new information-stealing malware called Daolpu.
This malicious campaign is being spread through phishing emails disguised as recovery instructions for Windows devices impacted by the faulty update.
The phishing emails contain a document that is masquerading as an official Microsoft support bulletin.
Source: BleepingComputer
When recipients open the document, a file is downloaded and executed on their system, initiating the Daolpu stealer. This malware harvests account credentials, browser history, and authentication cookies from Chrome, Edge, Firefox, and other browsers, and sends the stolen data to the attackers.
To protect yourself from falling victim to such phishing email scams, it is crucial to follow these best practices:
- Verify Email Sources: Always verify the sender’s email address and look for signs of phishing, such as misspellings or unusual URLs. If an email claims to be from a company, cross-check the information on the company’s official website or contact their support directly.
- Avoid Enabling Macros: Do not enable macros in documents received via email from unknown or untrusted sources. Macros can execute harmful code and compromise your system’s security.
- Use Email Filtering: Implement robust email filtering solutions to detect and block phishing emails before they reach your inbox. Many email providers offer advanced filtering options that can help identify and quarantine suspicious messages.
- Educate and Train: Regularly educate and train employees on recognizing phishing attempts and the importance of cybersecurity hygiene. Simulated phishing exercises can be an effective way to raise awareness and prepare users to handle real threats.
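As an illustration of the macro and email-filtering advice above, here is an added example (not code from the original article or from any vendor) of a mail-triage check that flags messages combining outage-themed wording with a macro-capable Office attachment. The keyword list, function names and sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lure vocabulary, chosen to match the campaign theme described above.
LURE_TERMS = ("crowdstrike", "falcon", "recovery", "outage")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def has_macro_container(data: bytes) -> bool:
    """True if the bytes look like an Office file that can carry VBA macros."""
    if data.startswith(OLE_MAGIC):
        return True  # legacy binary format may embed macros: treat as risky
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw_email: bytes) -> dict:
    """Quarantine only when lure wording and a macro-capable file coincide."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = ((msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    lure = sorted(t for t in LURE_TERMS if t in text)
    risky = [part.get_filename() for part in msg.iter_attachments()
             if has_macro_container(part.get_payload(decode=True) or b"")]
    return {"lure_terms": lure, "macro_attachments": risky,
            "quarantine": bool(lure and risky)}

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample message; the attachment is an empty stub, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"")
    msg = EmailMessage()
    msg["From"] = "support@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Recovery steps for CrowdStrike outage"
    msg.set_content("Please open the attached Microsoft bulletin.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="bulletin.docm")
    return msg.as_bytes()
```

The check inspects file contents rather than trusting the extension, so a macro-enabled document renamed to .docx is still flagged.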
Fallout from the Global Outage
George Kurtz, CEO of CrowdStrike Inc., has been called upon by a U.S. congressional panel to testify regarding the global tech outage. The U.S. House of Representatives Homeland Security Committee has asked Kurtz to appear before the Subcommittee on Cybersecurity and Infrastructure Protection.
While CrowdStrike’s fast response has been acknowledged, the gravity of the situation remains, with potential financial impacts exceeding $1 billion and potential legal challenges.